rev 12596 - in kde-extras/yzis/trunk/debian: . patches

Thu Nov 6 21:56:55 UTC 2008

Author: adi-guest
Date: 2008-11-06 21:56:55 +0000 (Thu, 06 Nov 2008)
New Revision: 12596

Added:
   kde-extras/yzis/trunk/debian/patches/
   kde-extras/yzis/trunk/debian/patches/disable-logging.patch
Modified:
   kde-extras/yzis/trunk/debian/changelog
   kde-extras/yzis/trunk/debian/rules
Log:
disabled logging

Modified: kde-extras/yzis/trunk/debian/changelog
===================================================================

--- kde-extras/yzis/trunk/debian/changelog	2008-11-06 20:43:51 UTC (rev 12595)
+++ kde-extras/yzis/trunk/debian/changelog	2008-11-06 21:56:55 UTC (rev 12596)
@@ -1,3 +1,9 @@
+yzis (1.0~alpha1-2) experimental; urgency=medium
+
+  * Disable log file. Fixes symlink attack vulnerability. (Closes: #504680)
+
+ -- Adrian Friedli <adi at koalatux.ch>  Thu, 06 Nov 2008 18:45:42 +0100
+
 yzis (1.0~alpha1-1) experimental; urgency=low
 
   * Initial release. (Closes: #296520)

Added: kde-extras/yzis/trunk/debian/patches/disable-logging.patch
===================================================================
--- kde-extras/yzis/trunk/debian/patches/disable-logging.patch	                        (rev 0)
+++ kde-extras/yzis/trunk/debian/patches/disable-logging.patch	2008-11-06 21:56:55 UTC (rev 12596)
@@ -0,0 +1,24 @@
+Disable log file. Fixes a symlink attack vulnerability. See Bug#504680.
+
+diff -Nur -x '*.orig' -x '*~' yzis-1.0~alpha1/libyzis/debug.cpp yzis-1.0~alpha1.new/libyzis/debug.cpp
+--- yzis-1.0~alpha1/libyzis/debug.cpp	2008-11-06 20:54:27.000000000 +0100
++++ yzis-1.0~alpha1.new/libyzis/debug.cpp	2008-11-06 20:56:47.000000000 +0100
+@@ -112,14 +112,17 @@
+ #ifdef DEBUG
+     _level = YZ_DEBUG_LEVEL;
+ #else
+-    _level = YZ_WARNING_LEVEL;
++    _level = YZ_FATAL_LEVEL;
+ #endif
+ 
++    /*
+ #ifndef YZIS_WIN32_GCC
+     setDebugOutput( "/tmp/yzisdebug-" + QString(getpwuid(geteuid())->pw_name) + ".log" );
+ #else
+     setDebugOutput( "/tmp/yzisdebug.log" );
+ #endif
++    */
++    setDebugOutput( "stderr" );
+ 
+     // our message handler does not manage to display all messages. So,
+     // it is better left off disabled at the moment. The last one gets lost

Modified: kde-extras/yzis/trunk/debian/rules
===================================================================
--- kde-extras/yzis/trunk/debian/rules	2008-11-06 20:43:51 UTC (rev 12595)
+++ kde-extras/yzis/trunk/debian/rules	2008-11-06 21:56:55 UTC (rev 12596)
@@ -1,6 +1,7 @@
 #!/usr/bin/make -f
 
 include /usr/share/cdbs/1/rules/debhelper.mk
+include /usr/share/cdbs/1/rules/simple-patchsys.mk
 include /usr/share/cdbs/1/rules/utils.mk
 include /usr/share/cdbs/1/class/cmake.mk
 


